Case III: Denial of Service
This case addresses issues
related to the effect of one person's computation on other users. This
situation involves people with legitimate access, so standard access controls
should not exclude them. However, because of the actions of some, other people
are denied legitimate access to the system. Thus, the focus of this case is on
the rights of all users.
Charlie and Carol are
students at a university in a computer science program. Each writes a program
for a class assignment. Charlie's program happens to uncover a flaw in a
compiler that ultimately causes the entire computing system to fail; all users
lose the results of their current computation. Charlie's program uses
acceptable features of the language; the compiler is at fault. Charlie did not
suspect his program would cause a system failure. He reports the program to the
computing center and tries to find ways to achieve his intended result without
exercising the system flaw.
The system continues to fail
periodically, for a total of ten times (beyond the first failure). When the
system fails, sometimes Charlie is running a program, but sometimes Charlie is
not. The director contacts Charlie, who shows all of his program versions to
the computing center staff. The staff concludes that Charlie may have been
inadvertently responsible for some, but not all, of the system failures, but
that his latest approach to solving the assigned problem is unlikely to lead to
additional system failures.
On further analysis, the
computing center director notes that Carol has had programs running each of the
first eight (of ten) times the system failed. The director uses administrative
privilege to inspect Carol's files and finds a file that exploits the same
vulnerability as did Charlie's program. The director immediately suspends
Carol's account, denying Carol access to the computing system. Because of this,
Carol is unable to complete her assignment on time, she receives a D in the
course, and she drops out of school.
In this case the choices are
intentionally not obvious. The situation is presented as a completed scenario,
but in studying it you are being asked to suggest alternative actions the
players could have taken. In this way, you build a repertoire of actions that
you can consider in similar situations that might arise.
What additional information is needed?
Who has rights in this case? What rights are those? Who has a
responsibility to protect those rights? (This step in ethical study is used to
clarify who should be considered as the reference group for a deontological
Has Charlie acted responsibly? By what evidence do you conclude so?
Has Carol? How? Has the computing center director acted responsibly? How? (In
this step you look for past judgments that should be confirmed or wrongs that
should be redressed.)
What are some alternative actions Charlie or Carol or the director
could have taken that would have been more responsible?